CVE-2024-53130
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53130 is a vulnerability affecting the Linux kernel. It involves a NULL pointer dereference issue in the 'nilfs2' filesystem, specifically in the 'block_dirty_buffer' tracepoint. This problem arises due to a reference to the 'dev_t' member 'bh->b_bdev->bd_dev' in mark_buffer_dirty(), which may not have a valid block device pointer. This issue occurs when buffer heads are detached and reattached, and the uptodate flag is restored without properly setting the block device. As a result, mark_buffer_dirty() can be called with an incorrect block device, leading to a NULL pointer dereference or a general protection fault when KASAN is enabled. To address this vulnerability, nilfs_grab_buffer() has been updated to always set the block device of the super block structure to the buffer head, regardless of the buffer's uptodate flag. This ensures that mark_buffer_dirty() is called with a valid block device pointer, preventing the NULL pointer dereference and any related security risks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.